Command Injection Vulnerability in Netwrix Password Secure Software by Netwrix
CVE-2025-26817

9.8CRITICAL

Key Information:

Vendor: Netwrix
Status: Password Secure
Vendor: CVE Published:; 3 April 2025

What is CVE-2025-26817?

Netwrix Password Secure version 9.2.0.32454 is impacted by a critical command injection vulnerability which allows an attacker to exploit the application by injecting malicious OS commands. This could potentially lead to unauthorized execution of commands on the host system, compromising sensitive data and system integrity. It is imperative for users of this version to apply recommended updates to mitigate the associated risks.

References

https://helpcenter.netwrix.com/bundle/PasswordSecure_9.2_...

https://security.netwrix.com/advisories/adv-2025-009

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Feb 14, 2025